Subject: Re: insufficient entropy for rnd
To: Daniel Carosone <>
From: Greg Troxel <>
List: tech-crypto
Date: 08/25/2003 12:55:22
  > rnd(4) seems a bit schizophrenic about whether it trusts things like
  > hash functions or not.

  How so, other than the estimator? (which is hopelessly bogus, but
  at least can't be any less paranoid than a user asking for /dev/random

Basically, I was commenting on the notion of having 'full entropy'
bits as the prime commodity via /dev/random, v.s. second-class bits
from /dev/urandom.  If the seed has enough entropy, and the hash
construction and the hash are sound, then the multiple outputs should
all be unguessable and independent.  Being deeply worried about having
full-entropy bits (which Yarrow is not) to me indicates a distrust of
the hash function.  But, rnd depends critically on using the hash
function for mixing in bits.

        Greg Troxel <>